So What Is Penetration Testing?

What you need to know

Penetration Testing

Penetration testing, sometimes referred to as a pentest, is a real-time test with the aim of gaining access to resources and data inside an organisation. This data should of course be protected from unauthorised access, and we use penetration testing to discover any vulnerabilities that would allow such access. To achieve this, a variety of exploits and attacks are used, including social engineering and other techniques.

How important is Penetration Testing?

Well, the short answer is: very. Of course most companies want to secure their data infrastructure, but a lot of them don’t prioritise it until after they have learned the hard way. IT managers should also keep in mind that there are laws and regulations for the protection of data. The loss of data can also carry big financial costs for a company.

Benefits of Penetration Testing

Compliance with regulatory requirements and avoidance of fines

Identification and management of vulnerabilities

Avoidance of network downtime and the resulting costs

Preservation of corporate image and customer loyalty

Justification of security investments

Security Definitions

Vulnerabilities

A vulnerability is a weakness in a mechanism that can threaten the confidentiality, integrity, or availability of an asset. A simpler way of putting it would be to say that it is a security hole in an operating system, a program or a piece of hardware that could potentially provide an angle of attack on the system. It could also be something as simple as a weak password.

Threat

Someone uncovering a vulnerability and exploiting it. Contrary to what most people think, the enemy does not only reside outside the gates; there are also internal threats we have to deal with.

Risk

The probability of a threat becoming real and the corresponding potential damages. Some threats are more likely to occur than others and some are bound to cause more damage. We need to assess all of them.

Exposure

When a threat agent exploits a vulnerability.

Countermeasure

A control put into place to mitigate potential losses.

So what do I do now?

So you are concerned about protecting your company’s data and are wondering what to do next. Well, getting certified through the Certified Ethical Hacker (CEH) program will give you the skills needed to keep up to date with the latest methods of ethical hacking and security assessment.